I am very new to Splunk (as in this is my 3rd day using it) and am having some issues understanding what I am doing wrong.
specific.server
| stats dc(userID) as totalUsers
| append [search specific.server AND "text" | stats count(field) as variableA]
| eval variableB = exact(variableA/totalUsers)
| stats sum(totalUsers), sum(variableA), sum(variableB)
Now when this runs sum(totalUsers) and sum(variableA) shows up correctly however sum(variableB) always shows up as a blank field. I have tried many different ways and none of them have worked.
Now I will explain the way I am understanding what I wrote.
First I am counting the number of individual users on a specific server and putting that number as a variable named
totalUsers.
I am doing another search and in that search I count how many times a certain field occurs on that specific server and place that value into variableA
I then create a new variable called variableB and evaluate that to be variableA/totalUsers
This then is displayed with the sum of each individual variables totalUsers, variableA, variableB
Please explain to me what I am understanding incorrectly and if at all possible how to achieve what I am trying to do or at least point me in the right direction.
Thanks
... View more